Is there csf setting to block ip that require certain amount of requests?

StackOverflow https://stackoverflow.com/questions/17951364

  •  04-06-2022
  •  | 
  •  

Question

Is there CSF setting that would help me block certain IP's if they hit homepage to many times. We are under attack and I see some IP's doing 300 - 4000 requests. Is there easier way to block those with CSF?

Was it helpful?

Solution

You can set PORTFLOOD in the server. Try this and make changes in your csf.conf file

By dafualt

PORTFLOOD = ""

Change that to

PORTFLOOD = "80;tcp;20;5"

This means that if an IP is making 20 connections to port 80 in 5 seconds, Then csf will block that IP for at least 5 second after the last connection seen.

There will be a mandatory 5 second block before the block is lifted.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top